RMON2
i. RMON1 only provides visibility into the data link and the physical layers; potential problems that occur at the higher layers still require other capture and decode tools.
ii. Because of RMON1's limitations, RMON2 was developed to extend functionality to upper-layer protocols. RMON2 provides full network visibility from the network layer through to the application layer.
iii. RMON2 is not a replacement for RMON1, but an extension of it. RMON2 extends RMON1 by adding nine more groups that provide visibility to the upper layers.
iv. With visibility into the upper-layer protocols, the network manager can monitor any upper-layer protocol traffic for any device or subnet in addition to the MAC layer traffic.
v. RMON2 allows the collection of statistics beyond a specific segment's MAC layer and provides an end-to-end view of network conversations per protocol.
vi. RMON2 is an extension of RMON that focuses on higher layers of traffic above the Medium Access Control (MAC) layer.
vii. RMON2 has an emphasis on IP traffic and application-level traffic. RMON2 allows network management applications to monitor packets on all network layers.
viii. This is difference from RMON which only allows network monitoring at MAC layer or below. RMON2 is intended to be used by network monitoring applications. It is not intended to be used by human.
ix. The network manager can view conversations at the network and application layers. Therefore, traffic generated by a specific host or even a specific application (for example, a Telnet client or a web browser) on that host can be observed.
x. Each monitored object must have a name, a syntax, an access-level, and an implementation-status. The name is used to identify the monitored object.
xi. The name has an object type and an object instance. Usually, the name is a text string for human to read. The
syntax is the structure defined using ASN.1 notation. This abstract structure helps the human to understand the monitored object.
xii. The access-level means whether the monitored object can be read, written or both. Implementation-status is the status of the actual object. There are four possible values: mandatory, optional, obsolete, or deprecated.
RMON2 Groups :
RMON groups that were added when RMON2 was introduced, include the following:
- Protocol Directory: Provides the list of protocols that the device supports
- Protocol Distribution: Contains traffic statistics for each supported protocol
- Address Mapping: Contains network layer-to-MAC layer address mappings
- Network Layer Host: Contains statistics for the network layer traffic to or from each host
- Network Layer Matrix: Contains network layer traffic statistics for conversations between pairs of hosts
- Application Layer Host: Contains statistics for the application layer traffic to or from each host
- Application Layer Matrix: Contains application layer traffic statistics for conversations between pairs of hosts
- User History Collection: Contains periodic samples of user-specified variables
- Probe Configuration: Provides a standard way of remotely configuring probe parameters, such as trap destination and out-of-band management
These hold information related to higher-layer activities, such as statistics of traffic carried between specific host pairs for a given application.
These groups provide statistics on the amount of traffic between pairs of hosts, and contain statistics relating to the network layer and the application layer.
Advantages of RMON2 :
i. RMON2 is developed to provide a capability of monitoring protocol traffic above the MAC level. RMON2 operates upward from the network layer to the application layer. It can monitor traffic at the network layer, including IP addressing, and at the application level, such as email, ftp, and web.
ii. As a result, RMON2 can determine source or destination addresses beyond a router. This additional capability enables a network manager to determine such things as which nodes are contributing to the bulk of traffic that is incoming or outgoing to the LAN.
iii. It also enables a breakdown of traffic by protocol or application. The RMON2 MIB introduces an additional nine groups of variables to that of the RMON 1 MIB.
iv. The RMON2 brings benefits to the interoperability between independently developed solutions by moving up the protocol stack to analyze the network-and application-layer traffic.
v. By monitoring the higher protocols, RMON2 can provide the information beyond segmented connectivity and present an internetwork or enterprise view of network traffic.
vi. RMON2's capabilities include higher layer statistics, address translation (binding between MAC-layer addresses and network-layer addresses), configurable historical data studies, improved filtering, and remote probe configuration.
vii. The protocol directory of RMON2 supports a simple and interoperable scheme to establish associations with other RMON2 agent implementations. This protocol directory feature allows RMON applications to:
- Define an open, extensible structure for collecting the traffic, host, and matrix data for each protocol and application.
- Map the data collected by a probe to the correct protocol name that can then be displayed at the network manager.